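import uuid
from unittest.mock import Mock, patch

from authlib.integrations.base_client import OAuthError
from django.conf import settings
from django.contrib.auth import SESSION_KEY
from django.test import TestCase
from django.urls import reverse

from vbv_lernwelt.core.models import User


def decoded_token(email, oid=None, given_name="Bobby", family_name="Table"):
    """Build the claims dict that the patched ``decode_jwt`` returns in these tests.

    Args:
        email: Address placed as the single entry of the ``emails`` claim.
        oid: Object id claim; a fresh ``uuid.uuid4()`` is used when falsy.
        given_name: Value of the ``given_name`` claim.
        family_name: Value of the ``family_name`` claim.

    Returns:
        A dict with the keys ``emails``, ``oid``, ``given_name`` and
        ``family_name``.
    """
    return {
        "emails": [email],
        "oid": oid or uuid.uuid4(),
        "given_name": given_name,
        "family_name": family_name,
    }


class TestSSOFlow(TestCase):
    """Tests for the ``sso:authorize`` callback view with the OAuth client mocked."""

    @patch("vbv_lernwelt.sso.views.oauth")
    @patch("vbv_lernwelt.sso.views.decode_jwt")
    def test_authorize_redirects_on_success(self, mock_decode_jwt, _):
        """A decodable token yields a user with that email and a redirect to "/".

        NOTE(review): ``decode_jwt`` is patched here, so token signature and
        claim validation are not exercised by this test; that needs its own
        coverage.
        """
        # GIVEN
        email = "bobby@drop.table"
        mock_decode_jwt.return_value = decoded_token(email)

        # WHEN
        response = self.client.get(reverse("sso:authorize"))

        # THEN
        self.assertTrue(User.objects.filter(email=email).exists())

        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, "/")  # noqa

    @patch("vbv_lernwelt.sso.views.oauth")
    def test_authorize_on_tampered_token(self, mock_oauth_service):
        """An ``OAuthError`` from the token exchange must fail closed.

        The mocked client raises ``OAuthError`` from ``authorize_access_token``,
        which is how this test models a rejected token. Besides the redirect to
        the error page, the test checks that the failed attempt neither adds a
        user nor leaves an authenticated session behind.
        """
        # GIVEN
        client_name = settings.OAUTH["client_name"]

        client_mock = Mock()
        client_mock.authorize_access_token.side_effect = OAuthError()

        # The client attribute name comes from settings, hence setattr.
        setattr(mock_oauth_service, client_name, client_mock)

        # Compared after the request, so pre-existing users do not matter.
        user_count_before = User.objects.count()

        # WHEN
        response = self.client.get(reverse("sso:authorize"))

        # THEN
        # sanity check that the mock was called (-> setup is correct)
        self.assertEqual(client_mock.authorize_access_token.call_count, 1)

        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, "/login-error?state=someerror")  # noqa

        # Fail closed: a rejected token must not provision an account ...
        self.assertEqual(User.objects.count(), user_count_before)
        # ... and must not log anyone in.
        self.assertNotIn(SESSION_KEY, self.client.session)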